From 7e7647af0d52ec8c250b271c4ff8129f9a02a919 Mon Sep 17 00:00:00 2001
From: ChK <ckendel@gmail.com>
Date: Fri, 8 May 2026 21:18:02 +0200
Subject: [PATCH] nix

---
 server.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/server.js b/server.js
index 05c659f..ab3a123 100755
--- a/server.js
+++ b/server.js
@@ -50,11 +50,16 @@ app.use(
         "connect-src": ["'self'"],         // same-origin WSS
         "object-src": ["'none'"],
         "base-uri": ["'self'"],
-        "frame-ancestors": ["'self'"]
+        "frame-ancestors": ["'self'", "https://server.schooltech.ch", "https://robotvideo.server.schooltech.ch"]
       }
     },
   })
 );
+app.use((req, res, next) => {
+  res.setHeader('Content-Security-Policy', "frame-ancestors 'self' https://server.schooltech.ch");
+  res.setHeader('X-Frame-Options', 'ALLOW-FROM https://server.schooltech.ch');
+  next();
+});
 app.use(express.static(path.join(__dirname, 'public'), { etag: true, maxAge: '1h' }));
 app.get('/health', (_req, res) => res.status(200).send('ok'));